“It all starts with a risk assessment…”, said a security professional once, when I talked to him about business continuity planning. I laughed it off then, but there’s no denying that a risk assessment could provide valuable business intelligence about what you should focus on. As any C-suite member or director could tell you, prioritising risks to the business is a struggle faced by all senior managers, regardless of the scenario or the size of the company. If daily task prioritisation in itself proves difficult, how can we plan for threats to the business that we may not even know about? Let’s find out.
A business impact assessment, which looks at the business-critical activities and the effects of various threats on their effective running, can be a very useful starting point. However, I don’t even need to come in to assess the risks to your business to know that one of your key risks would be that your star employees with key knowledge could leave. Right at the top, alongside this, would also be threats to information systems operations, such as power failure, lack of water, and fire.
While it can be great to think about all (or almost all) eventualities of information systems failure and the threats to the business, chances are that neither you nor your company has the time, resources or money to allocate to business continuity planning. For most small and medium businesses, the biggest risk can still be a compromise of the physical building.
Take, for instance, the case of fire or flood. There’s not only the need to evacuate everyone in a timely manner, there’s also a need to ensure the physical safety of staff, visitors and equipment alike in order to prevent further damage in the event of a physical security compromise. Things you need to think about could range from making sure that your key staff with a security responsibility know the procedure for such eventualities to the need to carry out such plans in a timely and efficient manner without causing further disruption or confusion.
Let’s take a walk-through of the above scenario, then: how do you initiate your plan? Is there an agreed procedure which outlines the plan of action? Is this made available to your key staff, and kept in a secure location which can be accessed by relevant members in the event of an incident?
What if that event causes the shutdown of systems? The worst thing you can do is to spend time and effort drafting such plans but then save them on a shared network drive, which is probably one of the first systems to be affected when there’s a power failure due to physical security issues.
The next thing, then, can be the people. People are the biggest assets, threats and vulnerabilities to an organisation: they can both enable your plans and unwittingly cause danger to you and others. You may have assigned a fire marshal who can escort your key staff out of your buildings when there’s a security issue. GDPR regulations and data integrity (and accuracy) aside, one group of people who often get forgotten about is visitors.
How do you manage your visitors? Are you still using a paper book? How do you make sure people sign out on exit? How do they know of procedures?
If you don’t monitor their exit, and if they aren’t told of the procedure in case of such events, how will they know what to do if they’re stuck in the building at the wrong time?
It is always a cost/benefit decision for businesses in terms of what you might invest in to support business continuity. Let’s face it, it’s often difficult for reception staff to manage visitor logs. With the new legislation in place, we want to collect as little information as we can, but how can we ensure that we meet our requirements?
OFEC have a low-cost, flexible solution for you. Have you considered DigiGreet, the GDPR-compliant visitor management system?
DigiGreet offers live fire drill checklists which can be accessed from any mobile device; you just need to know the security answer. This means multiple people can run a roll call at the same time to check that everyone is accounted for as quickly as possible.
The visitor management system can inform visitors and contractors of important policy and procedure documents during the signing-in process, so they know exactly where the fire exits are, etc.
The biggest worry in such an eventuality is that despite all you do, the first question that the fire fighters will ask upon arrival is whether there’s anyone inside.
If you’re not able to answer with a resounding no, then they will be risking their lives, possibly, to find people who may have long since left, but you had no way of knowing. DigiGreet has an auto sign-out function to combat this.
With DigiGreet, you will get the assurance that’s much needed for such business continuity plans and incidents.